Michelle Schaap practices cybersecurity and corporate law. Within corporate law, she primarily practices in construction, franchising and renewable energy – representing a varied client base that ranges from Fortune 500 companies to closely-held businesses.
Combining her technology and corporate experience, Michelle has spearheaded and developed CSG’s cybersecurity practice. She regularly advises clients on cybersecurity preparedness, counsels clients when data security incidents arise and trains companies on best practices for security procedures addressing both their business operations and their customers’ concerns. Michelle assesses her clients’ risk management practices and security incident preparedness to develop a proactive response and recovery plan enacted to recover from security breaches. Additionally, Michelle works with clients in contract review, drafting and negotiation in critical areas of privacy and security.
Further, Michelle counsels clients on incident and breach response, often serving as a quarterback to the incident response team and working closely with her clients’ senior executives, forensics, law enforcement and other critical team members.
Michelle is a Certified Information Privacy Professional, awarded from the International Association of Privacy Professionals, with a concentration on U.S. private-sector law (CIPP/US).
Within the construction industry, Michelle negotiates complex agreements – including construction management, architect and design-build agreements. Her extensive experience includes multimillion-dollar biotech research facilities, design-build agreements for amusement rides, and working with various clients to develop form agreements for planned expansion. Complementary to Michelle's construction work is her experience negotiating solar facility agreements – including power purchase agreements and engineering, procurement and construction agreements.
Michelle works closely with both technology developers and companies seeking to acquire technologies – whether by custom development, license, subscription or otherwise. Michelle’s experience overseeing these transactions enhances efficiency and ensures that the agreement appropriately protects her clients. She educates her clients on potential risks and liabilities, and provides best practices to help manage and mitigate such exposure.
Prior to joining the firm, Michelle served as in-house counsel to Toys “R” Us, Inc. from 1991 to 1996. She also worked in Japan for several years as a foreign associate with the Tokyo-based firm of Hamada & Matsumoto (now Mori, Hamada & Matsumoto).
Cyber Security Awareness Training - CSG (November 2 & 4, 2015)
Women in Non-Traditional Professions: Women of Brick and Mortar - The Women's Institute at Bergen Community College (March 20, 2012)
Growing via Joint Ventures and Alliances - Stevens Institute of Technology Law & Entrepreneurship Program (June 10, 2008)
Not in California? Here's Why the CCPA Should Still Be on Your Radar (November 2019)
The Long Reach of New York's SHIELD Act (October 2019)
Amendment to Breach Statute (May 2019)
Pennsylvania Supreme Court Ruling Opens Floodgates on Cybersecurity Lawsuits (December 2018)
Proposed New York Legislation: Cybersecurity Is Not Just an Issue for Financial Services and Insurance Companies (November 2017)
Affirmative Data Security Obligations for Business (August 2017)
New Jersey Adopts Personal Information and Privacy Protection Act Restricting Retailers’ Right to Request and Retain Customer Information (July 2017)
Patch Early, Patch Often: If You Hit "Remind Me Later", It May Be Too Late (June 2017)
Ransomware: To Pay or Not to Pay, That is the Question... (May 2017)
NYC Freelance Isn't Free Act - Requirements for Doing Business with Contractors (May 2017)
WannaCry Explained (May 2017)
New York State Cybersecurity Regulations Regarding Cyber and Data Privacy Obligations Applicable to Banking, Insurance and Financial Services (March 2017)
Controversial New York Cybersecurity Regulations Revised (January 2017)
New York Cybersecurity Regulations Delayed (December 2016)
Beyond Yahoo!...Safety Tips (December 2016)
You Check the Date on Your Milk Carton...But When Did You Last Check the Date on Your Website Policies (December 2016)
What Do the New FCC Privacy and Security Rules Mean for Internet Service Providers and Their Subscribers? (November 2016)
Pending NY State Proposed Cybersecurity Requirements for "Covered Entities" (October 2016)